The approaches described in this section are approaches that could be pursued, but not necessarily approaches that have been previously conceived or pursued. Therefore, unless otherwise indicated, it should not be assumed that any of the approaches described in this section qualify as prior art merely by virtue of their inclusion in this section.
The vast majority of organizations today rely on computer systems and networks for an increasingly wide variety of business operations. As the reliance on these systems and networks has grown, so too has the importance of securing them against internal and external security threats. However, the security threats targeting such computer systems and networks are broad, complex, and ever growing. To monitor and address these security threats, organizations increasingly rely on sophisticated computer network security applications and hardware such as firewalls, anti-virus tools, data loss prevention software, etc.
Some types of computer network security applications involve deep packet inspection (DPI). At a high level, DPI involves monitoring network traffic for instances of viruses, spam, network intrusion attempts, protocol non-compliance, etc., by searching for patterns in the data portion, headers, and other protocol structures comprising network traffic. For example, a DPI process may monitor incoming and outgoing network traffic for patterns known to correspond to malicious or unwanted network traffic and block any traffic containing one or more of the known patterns. A benefit of using DPI to monitor computer network traffic in this way is that a network security application can “understand” and monitor the use of certain network protocols and higher layer applications (e.g., HTTP, email, etc.) which may span multiple network packets, whereas other packet filtering techniques may operate only on individual packets. However, as the number of patterns to be detected in network traffic increases, the computational complexity of checking potentially vast amounts of network traffic and other data for the existence of such patterns can quickly lead to undesirable performance delays.
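The difference between per-packet filtering and flow-aware inspection described above can be seen in a short sketch. This is an added example, not code from the original document: it uses an Aho-Corasick automaton (a common multi-pattern matching technique, chosen here as an assumption) so that each byte is examined once regardless of pattern count, and the names `StreamMatcher` and `scan_packets`, the patterns, and the packets are all constructed for illustration.

```python
from collections import deque

class StreamMatcher:
    """Aho-Corasick automaton: each byte is examined once, however many patterns are loaded."""
    def __init__(self, patterns):
        self.goto, self.fail, self.out = [{}], [0], [set()]
        for pat in patterns:
            state = 0
            for b in pat:
                if b not in self.goto[state]:
                    self.goto.append({})
                    self.fail.append(0)
                    self.out.append(set())
                    self.goto[state][b] = len(self.goto) - 1
                state = self.goto[state][b]
            self.out[state].add(pat)
        queue = deque(self.goto[0].values())  # breadth-first: build failure links
        while queue:
            s = queue.popleft()
            for b, t in self.goto[s].items():
                f = self.fail[s]
                while f and b not in self.goto[f]:
                    f = self.fail[f]
                self.fail[t] = self.goto[f].get(b, 0)
                self.out[t] |= self.out[self.fail[t]]
                queue.append(t)

    def scan(self, data, state=0):
        """Return (patterns found, end state); feed the end state back in to continue a flow."""
        hits = set()
        for b in data:
            while state and b not in self.goto[state]:
                state = self.fail[state]
            state = self.goto[state].get(b, 0)
            hits |= self.out[state]
        return hits, state

def scan_packets(matcher, packets, keep_state):
    """keep_state=False models a per-packet filter; True models flow-aware DPI."""
    hits, state = set(), 0
    for payload in packets:
        found, state = matcher.scan(payload, state if keep_state else 0)
        hits |= found
    return hits

# Constructed sample data: placeholder patterns and one flow split across three packets.
PATTERNS = [b"EXAMPLE-SIGNATURE-1", b"blocked-token"]
PACKETS = [b"GET /?q=EXAMPLE-SIG", b"NATURE-1 HTTP/1.1\r\n", b"X-Test: blocked-token\r\n"]
MATCHER = StreamMatcher(PATTERNS)
```

With `keep_state=False` the pattern split across the first two packets is missed; with `keep_state=True` the automaton state carried between packets catches it, at the cost of holding per-flow state in memory.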